Reverse Engineering | Checking Whether Enforced Signature Checking Is Enabled on the System
Saving a copy of the code:
#include <stdio.h>
#include <Windows.h>
#include <winternl.h>
//#include <Ntstatus.h>
#pragma comment(lib,"ntdll.lib")

int main()
{
    SYSTEM_CODEINTEGRITY_INFORMATION info = { 0 };
    info.Length = sizeof(info); // set by the caller (8 bytes); must be filled in before the call
    ULONG ret_len = 0;
    NTSTATUS status = NtQuerySystemInformation(SystemCodeIntegrityInformation, &info, sizeof(info), &ret_len);
    if (NT_SUCCESS(status)) {
        printf("ok %lu\n", ret_len);                    // bytes returned
        printf(" > %lu \n", info.Length);               // structure length
        printf(" > %lx \n", info.CodeIntegrityOptions); // raw option bitmask
        // Bit 0 set: enforced signature checking is enabled (the message below says so)
        if (info.CodeIntegrityOptions & 1) {
            printf("开启了强制签名 \n");
        }
    }
    else {
        printf("err [%lx]\n", (unsigned long)status);   // NTSTATUS failure code
    }
    return 0;
}
This article is from cnblogs (博客园), author: Mz1. When reposting, please cite the original link: https://www.cnblogs.com/Mz1-rc/p/18287923